abrt and libreport (SL6)

Synopsis: Important: abrt and libreport security update
Issue Date: 2013-01-31
CVE Numbers: CVE-2012-5659, CVE-2012-5660

It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
tool did not sufficiently sanitize its environment variables. This could lead
to Python modules being loaded and run from non-standard directories (such as
/tmp/). A local attacker could use this flaw to escalate their privileges to
that of the abrt user. (CVE-2012-5659)
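
The pattern behind this first flaw, as an added example (not ABRT's code and not part of the original advisory): a helper that starts a Python interpreter with the caller's environment inherits a caller-controlled module search path, while an allowlisted environment combined with Python 3's isolated mode (-I) does not. The allowlist, SAFE_PATH, the function names and the choice of PYTHONPATH as the injected variable are assumptions made for illustration.

```python
import json
import os
import subprocess
import sys
import tempfile

# Variables the helper passes through; everything else is dropped.
# Assumption for this example, not ABRT's actual list.
ENV_ALLOWLIST = ("LANG", "LC_ALL", "TZ")
SAFE_PATH = "/usr/sbin:/usr/bin:/sbin:/bin"


def sanitized_env(env):
    """Build a minimal environment from an allowlist plus a fixed PATH."""
    clean = {k: env[k] for k in ENV_ALLOWLIST if k in env}
    clean["PATH"] = SAFE_PATH
    return clean


def child_sys_path(env, isolated):
    """Start a child interpreter with `env` and return its sys.path."""
    cmd = [sys.executable]
    if isolated:
        # -I: ignore PYTHON* variables and the user site directory, and do
        # not put the current directory on the module search path.
        cmd.append("-I")
    cmd += ["-c", "import sys, json; print(json.dumps(sys.path))"]
    out = subprocess.run(cmd, env=env, cwd="/", capture_output=True,
                         text=True, check=True)
    return json.loads(out.stdout)


def demo():
    """Return (untrusted dir searched before fix, searched after fix)."""
    with tempfile.TemporaryDirectory() as tmp:
        untrusted = os.path.realpath(tmp)
        # Constructed caller environment: a user-writable directory injected
        # into the module search path, as in the advisory's /tmp/ scenario.
        caller_env = dict(os.environ, PYTHONPATH=untrusted)
        before = untrusted in child_sys_path(caller_env, isolated=False)
        after = untrusted in child_sys_path(sanitized_env(caller_env),
                                            isolated=True)
    return before, after


if __name__ == "__main__":
    print(demo())
```
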

A race condition was found in the way ABRT handled the directories used to
store information about crashes. A local attacker with the privileges of the
abrt user could use this flaw to perform a symbolic link attack, possibly
allowing them to escalate their privileges to root. (CVE-2012-5660)

SL6
x86_64
abrt-2.0.8-6.el6_3.2.x86_64.rpm
abrt-addon-ccpp-2.0.8-6.el6_3.2.x86_64.rpm
abrt-addon-kerneloops-2.0.8-6.el6_3.2.x86_64.rpm
abrt-addon-python-2.0.8-6.el6_3.2.x86_64.rpm
abrt-cli-2.0.8-6.el6_3.2.x86_64.rpm
abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
abrt-debuginfo-2.0.8-6.el6_3.2.x86_64.rpm
abrt-desktop-2.0.8-6.el6_3.2.x86_64.rpm
abrt-gui-2.0.8-6.el6_3.2.x86_64.rpm
abrt-libs-2.0.8-6.el6_3.2.i686.rpm
abrt-libs-2.0.8-6.el6_3.2.x86_64.rpm
abrt-tui-2.0.8-6.el6_3.2.x86_64.rpm
libreport-2.0.9-5.el6_3.2.i686.rpm
libreport-2.0.9-5.el6_3.2.x86_64.rpm
libreport-cli-2.0.9-5.el6_3.2.x86_64.rpm
libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
libreport-debuginfo-2.0.9-5.el6_3.2.x86_64.rpm
libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
libreport-gtk-2.0.9-5.el6_3.2.x86_64.rpm
libreport-newt-2.0.9-5.el6_3.2.x86_64.rpm
libreport-plugin-kerneloops-2.0.9-5.el6_3.2.x86_64.rpm
libreport-plugin-logger-2.0.9-5.el6_3.2.x86_64.rpm
libreport-plugin-mailx-2.0.9-5.el6_3.2.x86_64.rpm
libreport-plugin-reportuploader-2.0.9-5.el6_3.2.x86_64.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.x86_64.rpm
libreport-python-2.0.9-5.el6_3.2.x86_64.rpm
abrt-addon-vmcore-2.0.8-6.el6_3.2.x86_64.rpm
abrt-devel-2.0.8-6.el6_3.2.i686.rpm
abrt-devel-2.0.8-6.el6_3.2.x86_64.rpm
libreport-devel-2.0.9-5.el6_3.2.i686.rpm
libreport-devel-2.0.9-5.el6_3.2.x86_64.rpm
libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
libreport-gtk-devel-2.0.9-5.el6_3.2.x86_64.rpm
libreport-plugin-bugzilla-2.0.9-5.el6_3.2.x86_64.rpm
i386
abrt-2.0.8-6.el6_3.2.i686.rpm
abrt-addon-ccpp-2.0.8-6.el6_3.2.i686.rpm
abrt-addon-kerneloops-2.0.8-6.el6_3.2.i686.rpm
abrt-addon-python-2.0.8-6.el6_3.2.i686.rpm
abrt-cli-2.0.8-6.el6_3.2.i686.rpm
abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
abrt-desktop-2.0.8-6.el6_3.2.i686.rpm
abrt-gui-2.0.8-6.el6_3.2.i686.rpm
abrt-libs-2.0.8-6.el6_3.2.i686.rpm
abrt-tui-2.0.8-6.el6_3.2.i686.rpm
libreport-2.0.9-5.el6_3.2.i686.rpm
libreport-cli-2.0.9-5.el6_3.2.i686.rpm
libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
libreport-newt-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-kerneloops-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-logger-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-mailx-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-reportuploader-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.i686.rpm
libreport-python-2.0.9-5.el6_3.2.i686.rpm
abrt-addon-vmcore-2.0.8-6.el6_3.2.i686.rpm
abrt-devel-2.0.8-6.el6_3.2.i686.rpm
libreport-devel-2.0.9-5.el6_3.2.i686.rpm
libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-bugzilla-2.0.9-5.el6_3.2.i686.rpm

– Scientific Linux Development Team